I finally got this one after reading pretty much everything I could find on $_POST and file_get_contents on w3schools and php.net.

Confused as hell as to WHY it worked though. I won't spoil it for others, but isn't it true that the answer (i.e. the source code for hack...site.org/index.php) would be stored in the variable $lvl_text? Or maybe I misconstrued how to go about solving this one, I guess the one hint I could give is not to think that what you enter is supposed to cat the whole thing out to your screen or whatever.

In short, then, I was wondering from someone more knowledgeable of PHP than I am as to whether or not the whole "source code" is going to be stored in "$lvl_text", the variable.

"I'm going to get into your sister. I'm going to get my hands on your daughter." ~Gatito

mike741 wrote: think of where you're starting... where is the form you're sending this info to... in relation to where you are trying to get?

I hope that's enough without being a spoiler... I really disapprove of this question as it is labeled blocking extensions but that's not the tricky part....

yeah, thanks for this.

But I wonder why the normal hackthissite.org/index doesn't work? It should work too. Also, the index.php is located at the r*** of hackthissite.org, so a simple s***h should do it too, right? But why doesn't it work?

Imagine the script is executed from the extbasic page, so any filename you enter will be opened from that current directory. That's where you are; where do you need to be? Think directory traversal.

AngelicPain93 wrote: I am totally confused, I thought that it's impossible to obtain the source of PHP files like you would do with HTML

You aren't trying to access the code directly. Your goal is to get a vulnerable script to give you the code. A vulnerable script would have access to the code. Trying directly with your browser, you wouldn't have access, except to the generated HTML. So, this just plays on that vulnerability.
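An added example, not part of the thread and not the challenge's own code: the pattern the last two replies describe, with a reader that joins a user-supplied name to its own directory shown beside a version that resolves the path first and refuses anything outside that directory. `file_get_contents` returns a file's raw bytes without executing them, which is why PHP source can end up in a variable. The function names, file names and temporary directory layout are constructed; only `$lvl_text` comes from the thread.

```php
<?php
// Added example: all paths and file names below are constructed for illustration.

// Vulnerable shape: the supplied name is joined to the script's directory
// and read as-is, so "../" segments are followed.
function read_level_unsafe($baseDir, $name)
{
    return @file_get_contents($baseDir . '/' . $name);
}

// Hardened shape: resolve the real path, then require it to stay in $baseDir.
function read_level_safe($baseDir, $name)
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);   // false if the file does not exist
    if ($base === false || $path === false) {
        return false;
    }
    // The trailing separator stops "/levels-old" from passing as "/levels".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return file_get_contents($path);
}

// Constructed layout: <tmp>/site_x/settings.php and <tmp>/site_x/levels/hint.txt
$root = sys_get_temp_dir() . '/site_' . bin2hex(random_bytes(4));
mkdir($root . '/levels', 0700, true);
file_put_contents($root . '/settings.php', "<?php /* constructed source */ ?>\n");
file_put_contents($root . '/levels/hint.txt', "constructed hint\n");

foreach (['hint.txt', '../settings.php'] as $name) {
    foreach (['read_level_unsafe', 'read_level_safe'] as $reader) {
        $lvl_text = $reader($root . '/levels', $name);
        $result = ($lvl_text === false) ? 'refused' : 'read ' . strlen($lvl_text) . ' bytes';
        printf("%-18s %-16s -> %s\n", $reader, $name, $result);
    }
}

// Remove the constructed files again.
unlink($root . '/levels/hint.txt');
unlink($root . '/settings.php');
rmdir($root . '/levels');
rmdir($root);
```

Only the unsafe reader returns the bytes of the file outside `levels/`; the safe reader refuses it because the resolved path no longer starts with the base directory.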